Analyzing Operating Systems’ Behavior to Crafted Packets
Operating systems are vulnerable to malicious packet injection because of inherent design and implementation flaws, and the TCP/IP stacks of different operating systems are especially exposed. Using crafted packets, we can analyze how each operating system responds to malicious packet injection. The main goal of this study is to analyze the behavior of different operating systems in response to specially crafted packets. In this experiment, we crafted four types of packets: TCP SYN packets with data, packets with IP options, overlapping fragments, and tiny fragments. We used Scapy, a powerful Python-based packet crafting tool, to craft packets with customized headers and payloads. The results indicate that Windows and Linux behaved differently in response to these packets. Windows showed more vulnerability when receiving data in SYN packets, while Linux responded to packets with IP options. The two systems also handled overlapping fragments differently.
Keywords: Packet manipulation, Operating system behavior
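For the defensive side of the four packet types named in the abstract, the following added example (not code from the paper or from Scapy) labels raw IPv4 packets as SYN-with-data, IP-options, overlapping-fragment or tiny-fragment. The helper names, the sample packets and the tiny-fragment thresholds are assumptions made for illustration.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header

def ipv4(payload, ident=1, frag_off=0, mf=False, options=b""):
    """Constructed IPv4 packet carrying protocol 6 (checksum 0; sample input only)."""
    ihl = 5 + len(options) // 4
    flags_off = (0x2000 if mf else 0) | (frag_off // 8)
    hdr = struct.pack(IP_FMT, 0x40 | ihl, 0, ihl * 4 + len(payload), ident,
                      flags_off, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + payload

def tcp(flags, data=b""):
    """Constructed 20-byte TCP header followed by data."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, flags, 8192, 0, 0) + data

def classify(packets):
    """Return one set of anomaly labels per raw IPv4 packet, in input order."""
    seen = {}   # (src, dst, proto, id) -> byte ranges already covered by fragments
    out = []
    for raw in packets:
        vihl, _, total, ident, fo, _, proto, _, src, dst = struct.unpack(IP_FMT, raw[:20])
        ihl = (vihl & 0x0F) * 4
        mf, off = bool(fo & 0x2000), (fo & 0x1FFF) * 8
        payload, labels = raw[ihl:total], set()
        if ihl > 20:                       # header longer than 20 bytes means options
            labels.add("ip-options")
        if mf or off:                      # this packet is a fragment
            ranges = seen.setdefault((src, dst, proto, ident), [])
            start, end = off, off + len(payload)
            if any(start < e and s < end for s, e in ranges):
                labels.add("overlapping-fragment")
            ranges.append((start, end))
            # Assumed thresholds: first fragment too short for a 20-byte TCP
            # header, or a fragment starting at byte 8 (inside the TCP header).
            if proto == 6 and ((off == 0 and len(payload) < 20) or off == 8):
                labels.add("tiny-fragment")
        elif proto == 6 and len(payload) >= 20:
            data_off, flags = (payload[12] >> 4) * 4, payload[13]
            if flags & 0x02 and not flags & 0x10 and len(payload) > data_off:
                labels.add("syn-with-data")   # SYN without ACK, bytes after header
        out.append(labels)
    return out

SAMPLE = [                                             # constructed test traffic
    ipv4(tcp(0x02, b"GET /")),                         # SYN carrying data
    ipv4(tcp(0x02), options=b"\x01\x01\x01\x01"),      # plain SYN, four NOP options
    ipv4(b"A" * 24, ident=7, mf=True),                 # fragment covering bytes 0-23
    ipv4(b"B" * 16, ident=7, frag_off=16),             # fragment covering bytes 16-31
    ipv4(b"C" * 8, ident=9, mf=True),                  # 8-byte first fragment
]
```

SYN segments with data are also produced by TCP Fast Open (RFC 7413), so that label marks a packet for review and does not by itself show that it was crafted.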